package com.larly.project.larlyinterface.controller;

import com.larly.larlyclientsdk.model.User;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;

@RestController
@RequestMapping("/name")
public class NameController {

    @GetMapping("/")
    public String getName(String name){
        return  "GET" + name;
    }
    @PostMapping("/")
    public String postName(@RequestParam String name){
        return "POST,Url传参"+ name;
    }

    @PostMapping("/user")
    public String postName(@RequestBody User user, HttpServletRequest request){
        String accessKey = request.getHeader("accessKey");
        String timestamp = request.getHeader("timestamp");
        String sign = request.getHeader("sign");
        String nonce = request.getHeader("nonce");
        String data = request.getHeader("data");
        if(!"larly".equals(accessKey)){
            throw new Error("accessKey错误");
        }
//      todo 时间戳验证， 有效时间多少分
//      todo 随机数验证，  防重放（数据库查）

//        secretKey实际上从数据库中取出来
        String serveSign = com.larly.larlyclientsdk.utils.SignUtils.getSign(data, "1234567");
        if(!serveSign.equals(sign)){
            throw new Error("sign错误");
        }
        return "POST对象传参" + user.getName();
    }
}
